One-size-fits-all AI guardrails do not work in the enterprise (www.techradar.com)

Consumer-style, one-size-fits-all guardrails for generative AI are breaking down in enterprises because they treat every user and context the same, causing both safety blind spots and productivity friction. The article argues for persona-based access controls (PBAC): middleware that sits between large language models and end users, mapping identities, roles, clearance levels, departments and project context to policies that filter outputs at the knowledge level rather than simply blocking entire topics. Unlike RBAC (which controls system/file access), PBAC governs what knowledge an AI may disclose to a given persona—so a compliance officer, HR leader, or junior analyst asking the same prompt will receive responses tailored to their legitimate need-to-know. Technically, PBAC acts as a content firewall and policy engine that enforces privacy, security and regulatory constraints, logs blocked or altered outputs for auditability, and integrates with enterprise identity and governance systems. Vendors are already piloting this pattern to reduce exposure to PHI, insider-trading guidance, and other business risks while preserving useful AI capabilities. For the AI/ML community, PBAC reframes safety as contextual disclosure control and highlights engineering challenges around fine-grained policy mapping, real-time context inference, and verifiable audit trails—requirements that align with emerging rules like the EU AI Act and the NIST AI Risk Management Framework.